CVE-2006-1173 sendmail

Metadata

medium
5.0
sendmail
CVE-2006-1173
2017-12-30 18:03
CVE-2006-1173
2017-12-29 23:00
2017-12-29 21:03
2017-06-18 07:03
2017-06-16 18:45
2017-04-01 19:11
2017-01-05 20:16

Description

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
buster sendmail 8.13.7-1
jessie sendmail 8.13.7-1
sid sendmail 8.13.7-1
stretch sendmail 8.13.7-1
wheezy sendmail 8.13.7-1